Solved

Delete file with NO owner

Posted on 2003-03-05
Last Modified: 2013-12-28
I currently have a webserver running WinNT Server and IIS 4.0 that provides faculty and staff access to an educational institution.

While attempting to get a web-based program to function, I inadvertently created a file with no owner that nobody (not even the administrator account) can access or delete.

In order to demonstrate this, I have mapped a drive to the affected directory on the webserver and used DIR /Q to display the files and their owner.  Notice that the "test2" directory has "..." listed as owner.

 Volume in drive Z has no label.
 Volume Serial Number is 9854-A623

 Directory of Z:\survey

03/04/2003  08:53 AM    <DIR>          BUILTIN\Administrators .
03/04/2003  08:53 AM    <DIR>          BUILTIN\Administrators ..
03/03/2003  03:50 PM    <DIR>          ...                    test2
               0 File(s)              0 bytes
               3 Dir(s)   1,953,845,248 bytes free


How this happened:

In order to attempt to get an application to run, I granted MODIFY permissions to the Internet Guest Account (IUSR) on the webserver.  The application limped along, and I decided I wanted to delete that test.

I happened to have MS Frontpage open, and attempted to delete the parent folder ("survey") through that avenue, as I have many times before.

I want to emphasize that I have assigned permissions and deleted files before with no ill effects.  However, this time it didn't go so smoothly, and I now have a file that I cannot access.  Nobody has been able to delete it, take ownership, or even change (or display) permissions on the file.  It is as though all ownership and rights to the file have been removed from the MFT but the file still remains.

Any ideas?
Question by:AfroNinja
28 Comments
 

Author Comment

by:AfroNinja
ID: 8072722
It wouldn't let me do this initially.
0
 

Author Comment

by:AfroNinja
ID: 8072727
Ignore that.  I was trying to increase the point value above 500, but it won't let me.  DOH.
0
 
LVL 1

Expert Comment

by:cuba_joe
ID: 8072773
What happens when you try to take ownership of the file? Do you get an error?
0
 

Author Comment

by:AfroNinja
ID: 8072806
Under Windows XP, there is no Security tab displayed.  Under Windows NT, it behaves as though the take ownership permission has been denied.  It will allow you to take ownership of the parent folder, and even to specify that the ownership should propagate to all subfolders, but it will not allow the "test2" folder to be modified that way.
0
 

Author Comment

by:AfroNinja
ID: 8072821
Additionally, when using CACLS to take ownership from a command-line, it processes every file, but upon reaching "test2" it responds with "Access Denied."
0
 
LVL 1

Expert Comment

by:cuba_joe
ID: 8072831
Are you accessing the file locally or remotely? If accessing locally, are you sure you are logging in as admin?
0
 
LVL 1

Expert Comment

by:cuba_joe
ID: 8072874
Did you try cacls.exe c:\"file_name" /T /G Everyone:R
0
 

Author Comment

by:AfroNinja
ID: 8072876
I have accessed the file locally and remotely.  I am an administrator on the server.  I have also had the individual with the "Administrator" account attempt to access the file, but to no avail.  He runs into the same problems I do.

The means I have used to access this folder are as follows:

-> VNC
-> Mapping a drive (via administrative share) to the location of the problem folder
-> Using Windows Explorer to navigate the network
-> Logging onto the server directly
0
 

Author Comment

by:AfroNinja
ID: 8072884
Oh, and I have connected via FrontPage as well.  I have also deleted the subweb in which this folder resides, and FrontPage has no problems with that (FP 2002 extensions), but the troublesome folder is still there.  Upon recreating the web, the folder still appears.
0
 

Author Comment

by:AfroNinja
ID: 8072888
I most certainly did --> "Access Denied."
0
 

Author Comment

by:AfroNinja
ID: 8072917
I most certainly did --> "Access Denied."
0
 
LVL 1

Expert Comment

by:cuba_joe
ID: 8073003
If you can access the properties of the file, is the "Allow inheritable permissions from parent to propagate to this object" checked? If so, uncheck it and try taking ownership again.
0
 

Author Comment

by:AfroNinja
ID: 8073119
Within Windows XP, there is NO Security tab.

Within Windows NT, there is a security tab, but upon clicking either "Permissions" or "Ownership" -- ACCESS DENIED.

When the Administrator account does the same, it shows some default permissions, but upon trying to change any of them -- ACCESS DENIED
0
 

Expert Comment

by:Luck91
ID: 8073465
From TechNet:
Hackers often use folders with reserved filenames to make it difficult for a system administrator to remove files, particularly when those hackers get into your FTP server and start using it to host their own files.

Typically, you can use DEL on a FAT file system to delete files with reserved names, but on NTFS you need to use Rm.exe, a tool included with the Windows 2000 Resource Kit. If you can't take ownership of the folder or file, however, you'll get an Access Denied message when you try to remove the file.

Windows 2000 provides an option in the GUI to take ownership of a folder or file, but this method can fail when the folder or subfolder contains a reserved or blank name. The answer is to use another Windows 2000 Resource Kit tool, Subinacl.exe, to take ownership of the item.

To use Subinacl.exe, you first need to determine the item's short filename, which you can do by executing this command in the item's parent folder:

dir /x

Armed with the short name, use the Subinacl.exe command to take ownership and grant full access:

subinacl.exe /file <path>\<shortname> /setowner=administrator /grant=administrator=f

If you need to take ownership of an entire directory tree, use the /subdirectories switch with the command, as shown in this example:

subinacl.exe /subdirectories <path> /setowner=administrator /grant=administrator=f

In some cases, you might need to use multiple Subinacl.exe commands to take ownership and gain access to a lengthy subdirectory tree.

After you take ownership and grant full access to the reserved folder or file, you should be able to remove it using Rm.exe.


Understand permission inheritance

Windows 2000 is shipped with an improved Access Control List Editor, which is apparent from the completely redesigned user interface. To view the new interface, right-click any file or folder in Windows Explorer and select the Security tab. (Note that this only works on NTFS volumes.)

Behind the new interface lies a new inheritance model. Once you're on the Security tab, click Advanced to see the Advanced Security Settings dialog box. At the bottom of the dialog box, you'll notice two check boxes.

The first check box (Inherit From Parent The Permission Entries That Apply To Child Objects) is checked by default on most folders. This setting means that the current folder will inherit all permissions defined on its parent.

This is where the new inheritance model steps in. Instead of individually assigning permissions on folders and subfolders, you can assign permissions to the topmost folder, and all subfolders will inherit them. This happens instantly and without any further administration.

If you don't want the inheritance, uncheck this box. When you do, a dialog box appears: You can choose to copy all the permissions from the parent folder, remove all the permissions that were previously applied because of the inheritance, or cancel the action.

0
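
An added example, not part of the TechNet text or of any poster's reply: a Python script that walks a directory tree and flags entries whose names the Win32 layer mishandles (reserved device names, blank names, a trailing dot or space), which is the kind of name the quoted text describes. The function names are assumptions of this example; on Windows the walk goes through the `\\?\` extended-path prefix so that such names stay addressable.

```python
import os
import sys

# Win32 reserved device names (matched case-insensitively, with or without an extension).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{d}{n}" for d in ("COM", "LPT") for n in range(1, 10)}


def name_problem(name):
    """Return why the Win32 layer will mishandle this name, or None if it is ordinary."""
    if name in (".", ".."):
        return None
    if name.strip(" .") == "":
        return "blank name (only spaces/dots)"
    if name[-1] in " .":
        return "trailing space or dot"
    # Device names are matched on the part before the first dot, e.g. "nul.txt".
    base = name.split(".", 1)[0].rstrip(" ").upper()
    if base in RESERVED:
        return f"reserved device name {base}"
    return None


def extended_path(path):
    r"""Prefix an absolute Windows path with \\?\ so Win32 name parsing is skipped."""
    if path.startswith("\\\\?\\"):
        return path
    if path.startswith("\\\\"):  # UNC: \\server\share -> \\?\UNC\server\share
        return "\\\\?\\UNC\\" + path[2:]
    return "\\\\?\\" + path


def scan(root):
    """Walk root and return [(path, reason)] for every problematic entry."""
    findings = []
    if os.name == "nt":
        root = extended_path(os.path.abspath(root))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = name_problem(name)
            if reason:
                findings.append((os.path.join(dirpath, name), reason))
    return findings


if __name__ == "__main__":
    for path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```

Run it against a web or FTP root; each reported path can then be handled with the short-name and ownership steps quoted above.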
 

Expert Comment

by:the_duke
ID: 8079325
If take ownership does not work (either locally or remotely, even by using winfile.exe), try to get a copy of NTFSDOS Pro. Then you are able to boot from disk and read and write to an NTFS partition.
If it is Windows 2000, is EFS enabled?
If so, decrypt the file first and then take ownership.
0
 

Author Comment

by:AfroNinja
ID: 8080423
I am not currently having luck with any command line tools, but I am still trying.

the_duke, if you will read the original description of my problem, you will see that this is on an NT4 server box.  EFS is not a part of NT4.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8080772
Have you tried copying or moving the folder to another folder somewhere else?

You might have luck copying to another folder so it inherits permissions then copying back and selecting yes to overwrite.

0
 

Author Comment

by:AfroNinja
ID: 8080791
Can't be done.  No user has rights to the file, therefore it can't be copied, renamed, moved, deleted or opened.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8080929
Here's a few articles:


http://support.microsoft.com/default.aspx?scid=kb;en-us;307317

http://support.microsoft.com/default.aspx?scid=kb;EN-US;195227

Try installing the second article's SCM tool and looking at it again.

0
 

Author Comment

by:AfroNinja
ID: 8080995
The first article doesn't apply, as the permissions cannot be accessed, regardless of the method of access, be it local or remote.  Additionally, I'm not in a position where I can install a tool on a production webserver that fundamentally changes the security model in place.  That's far too risky.
0
 
LVL 4

Accepted Solution

by:
ProgSysAdmin earned 1000 total points
ID: 8081364
AfroNinja,

Try to perform a check disk on the drive with the inaccessible file(s).  In Windows NT Explorer, select the drive, then right-click and choose Properties, then select the Tools tab and click on the Check Now button.  Select both check boxes.  Then reboot the machine.  It could be corrupted file(s).

You keep on referring to a mapped drive with the administrator account.  This is not local.  Is the administrator a domain administrator or a local administrator?  Try logging onto the local machine where the files are physically located and log on as the domain administrator, then try taking ownership of those files.



0
 

Author Comment

by:AfroNinja
ID: 8081409
I've been pondering the disk check idea, yeah.

Actually, I've mapped a drive, connected via VNC, and physically logged on at the server's location using both the domain admin and the local admin accounts, but with no luck.

I'm gonna talk to the admins here about running chkdsk during some downtime tonight to see if that helps.
0
 
LVL 2

Expert Comment

by:MEwerlin
ID: 8081494
Hi AfroNinja,

I don't know if it'd work, but try to get the "chmod"-unix tool, also available for Win-OS. I think you can get it at www.sysinternals.com.
I had some astonishing successes with that to get ownership of files again when logged in as local admin.

Good luck!


Marco
0
 
LVL 4

Expert Comment

by:ProgSysAdmin
ID: 8081495
This might help even if it does not specify Windows NT 4.0

http://support.microsoft.com/default.aspx?scid=kb;en-us;320081
0
 
LVL 4

Expert Comment

by:ProgSysAdmin
ID: 8082570
This might help even if it does not specify Windows NT 4.0

http://support.microsoft.com/default.aspx?scid=kb;en-us;320081
0
 

Expert Comment

by:Luck91
ID: 8083949
Be sure you check the security on your recycle bin (hidden at c:\recycler and make sure it is secure from ftp hackers too)...Unix uses setfacl command which is similar to subinacl.  I agree with ProgSysAdmin:

subinacl /onlyfile "\\?\c:\path_to_problem_file" /setowner=domain\administrator /grant=domain\administrator=F
0
 

Author Comment

by:AfroNinja
ID: 8103237
Well, whatever the problem was, it seems to have been just a boo-boo in the MFT.  Upon rebooting the server over the weekend, the file disappeared.

As I suppose I have to select an answer, I'll pick the person who it appears did the most research.
0
 

Author Comment

by:AfroNinja
ID: 8103249
This being the only answer that suggested a reboot, I'll take this answer.
0
